Wiz Research has recently uncovered a significant security vulnerability involving DeepSeek, a Chinese AI startup known for its… The post DeepSeek Database Exposure: A Critical Security Breach Including 1 Million Log Enteries appeared first on Hackers Online Club. This article…
No need to RSVP: a closer look at the Tria stealer campaign
Kaspersky GReAT experts discovered a new campaign targeting Android devices in Malaysia and Brunei with the Tria stealer to collect data from apps like WhatsApp and Gmail. This article has been indexed from Securelist Read the original article: No need…
Hackers Exploit RDP Protocol To Gain Windows Access To Control Browser Remotely
Cybercriminals have been exploiting vulnerabilities in the Remote Desktop Protocol (RDP) to gain unauthorized access to Windows systems and remotely control web browsers. This method not only compromises individual machines but also poses a significant threat to enterprise networks. RDP,…
Google’s Subdomain ‘g.co’ Hacked – A Tricky Phone Call Lets Hackers Access Your Google Account Remotely
Cybercriminals recently exploited Google’s g.co subdomain to carry out a meticulously crafted scam over a vishing call. The incident was chronicled by Zach Latta, founder of Hack Club, who nearly fell victim to the attack. His account sheds light on…
New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks
A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is…
Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. “When an authenticated Voyager user clicks on a malicious link, attackers can…
IT Security News Hourly Summary 2025-01-30 09h : 2 posts
2 posts were published in the last hour 7:34 : Oasis Scout empowers security teams to identify attacks on NHIs 7:11 : New RDP Exploit Allows Attackers to Take Over Windows and Browser Sessions
Oasis Scout empowers security teams to identify attacks on NHIs
Oasis Security unveiled Oasis Scout, an Identity Threat Detection and Response (ITDR) solution designed specifically for NHIs, integrated with proprietary AuthPrint technology. Available with Oasis NHI Security Cloud, Oasis Scout delivers high-fidelity threat detection and response capability for NHIs with…
New RDP Exploit Allows Attackers to Take Over Windows and Browser Sessions
Cybersecurity experts have uncovered a new exploit leveraging the widely used Remote Desktop Protocol (RDP). This vulnerability enables attackers to gain unauthorized control over Windows systems and hijack browser activity, posing a significant threat to individual and enterprise data security.…
Anzeige: Gezielt auf Cybervorfälle reagieren und Schäden begrenzen
Dieser eintägige Workshop der Golem Karrierewelt zeigt IT-Teams praxisnah, wie sie auf Sicherheitsvorfälle reagieren und Schäden begrenzen – von der Vorfallidentifikation über die -analyse bis zur Beweissicherung. (Golem Karrierewelt, Sicherheitslücke) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie…
DeepSeek Database Publicly Exposed Sensitive Information, Secret Keys & Logs
Experts at Wiz Research have identified a publicly exposed ClickHouse database belonging to DeepSeek, a Chinese AI startup renowned for its innovative models. The vulnerability granted full control over database operations, exposing sensitive information such as chat history, secret keys,…
New SMS-Based Phishing Tool ‘DevilTraff’ Enables Mass Cyber Attacks
Cybersecurity experts are sounding the alarm about a new SMS-based phishing tool, Devil-Traff, that is enabling large-scale cyberattacks worldwide. By exploiting trust and leveraging advanced automation, this malicious platform empowers attackers to conduct high-volume phishing campaigns with devastating results. How…
Threat Actors Exploit Government Website Vulnerabilities For Phishing Attacks
Cybercriminals are increasingly exploiting vulnerabilities in government websites to carry out phishing campaigns, leveraging the inherent trust users place in official domains. A recent report by Cofense Intelligence shows that how attackers are weaponizing .gov top-level domains (TLDs) across multiple…
Staying Ahead with Enhanced IAM Protocols
Staying Ahead in a Fraught Landscape? Is it possible to stay ahead with cybersecurity threats? With the increased digitization of systems, our reliance on machines has skyrocketed, necessitating the need for an enhanced Identity Access Management (IAM) strategy. Addressing this…
Scalable Solutions for Global Secrets Management
Are Your Secrets Secure in a Cloud World? Where robust digital identities govern access to resources, the effective management of Non-Human Identities (NHIs) becomes paramount. But how significantly does the approach to secure these identities and their secrets impact global…
Empower Your Security with Advanced NHI Detection
Why is NHI Detection Crucial in Today’s Cybersecurity Landscape? Imagine being able to mitigate security risks, meet regulatory compliance, save on operational costs, and increase efficiency, all by refining one aspect of your cybersecurity strategy. Sounds promising, doesn’t it? This…
Ensuring Compliance with Secure Secrets Vaulting
Why is Secure Secrets Vaulting a Critical Factor? The requirement to manage Non-Human Identifiers (NHIs) and their secrets with utmost precision is more vital than ever. With the surge of massive amounts of data traversing through numerous channels, wouldn’t you…
Zscaler CISO on balancing security and user convenience in hybrid work environments
In this Help Net Security interview, Sean Cordero, CISO at Zscaler, talks about securing hybrid work and the new challenges it presents to cybersecurity teams. He discusses how hybrid work has exposed gaps in traditional security models while offering advice…
OPNsense 25.1 Released, What’s New!
The highly anticipated release of OPNsense 25.1 has officially arrived! Nicknamed “Ultimate Unicorn,” this update marks a significant milestone for the open-source firewall platform, celebrating its decade-long journey of innovation, security, and reliable performance. Packed with exciting features, new integrations,…
ExtensionHound: Open-source tool for Chrome extension DNS forensics
Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. ExtensionHound solves this by analyzing Chrome’s internal network state and linking DNS activity to specific extensions.…
DeepSeek AI data under scrutiny as Microsoft investigates OpenAI data steal
DeepSeek AI, a Chinese chatbot service that recently gained traction on the Apple App Store, is now in the spotlight due to allegations of unauthorized data access from Microsoft-backed OpenAI. According to sources familiar with the situation, DeepSeek AI’s founder,…
DeepSeek is Now Available With Microsoft Azure AI Foundry
Microsoft has officially added DeepSeek R1, an advanced AI model, to its Azure AI Foundry and GitHub Model Catalog. This move places DeepSeek R1 among a curated selection of over 1,800 AI models, spanning open-source, task-specific, and industry-focused solutions. Businesses…
89% of AI-powered APIs rely on insecure authentication mechanisms
APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks, according to Wallarm. “Based on our findings, what is clear is that API security is no longer just…
IT Security News Hourly Summary 2025-01-30 06h : 2 posts
2 posts were published in the last hour 4:35 : DeepSeek Database Leaked – Full Control Over DB Secret keys, Logs & Chat History Exposed 4:35 : How to use Hide My Email to protect your inbox from spam